237 matches found
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
A flaw has been discovered in path handling logic in Apache Tomcat. When using either PreResources or PostResources mounted on a non-root path, it is possible to access resources via an unexpected path. This may result in leaking of files on those paths...
UBUNTU-CVE-2025-49125
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4)...
CVE-2002-2158
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...
CVE-2002-2090
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp...
OESA-2025-1271 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option...
CVE-2024-40407
A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors...
VMware Spring Framework Security Vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework. An attacker can exploit the vulnerability to read files outside of the servi...
CVE-2024-5735
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...
Admiror Frames Security Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! Admiror Frames versions prior to 5.0 that originates from allowing an unauthorized attacker to retrieve the location of the web root folder...
CVE-2024-31819
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component...
PT-2024-5038 · Wwbn · Wwbn Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 12.4 through 14.2 Description: The issue in WWBN AVideo is related to insufficient input validation in the submitIndex.php file of the WWBNIndex plugin, allowing a remote attacker to execute arbitrary code via the...
VulnCheck KEV: CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow...
GHSA-W6X2-JG8H-P6MP Path Traversal in TYPO3 File Abstraction Layer Storages
Problem: Configurable storages using the local driver of the File Abstraction Layer (FAL) could be configured to access directories outside of the root directory of the corresponding project. The system setting in BE/lockRootPath was not evaluated by the file abstraction layer component. An...
UBUNTU-CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symboli...
Arbitrary File Read
vite is vulnerable to Arbitrary File Read. The vulnerability exists due to improper file path sanitization, allowing an attacker to access files from the root path. Note this vulnerability is only applicable if the vite dev server is hosted on the network...
Vite Security Vulnerability
Vite is a new front-end building tool from Vite open source. A security vulnerability exists in Vite versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9. An attacker exploits the vulnerability to read files from the application's Vite root path...